
SecurityContext configurations are missing for postgres-operator-ui and cluster configurations

Open kndoni opened this issue 1 year ago • 2 comments

Hello, I am trying to set up postgres-operator in a Kubernetes cluster. I am using the latest version, v1.12.2. Apparently I can only configure securityContext for postgres-operator (with allow_privilege_escalation and runAsNonRoot). But I cannot do the same for postgres-operator-ui or for the cluster configuration itself. So with these issues in place I cannot successfully use the operator. I also saw that there are a lot of other ongoing issues related to this. Is someone already working on this issue, or do you plan to add this in the future?

Thanks in advance!

kndoni avatar Jul 01 '24 13:07 kndoni

As a workaround you can use a Kyverno ClusterPolicy:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: postgresql-securitycontext
spec:
  rules:
    - name: mutate-postgresql-sts
      match:
        any:
          - resources:
              kinds:
                - Pod
              selector:
                matchLabels:
                  application: spilo
      mutate:
        patchStrategicMerge:
          spec:
            containers:
              - (name): "*"
                securityContext:
                  allowPrivilegeEscalation: false
                  capabilities:
                    drop:
                      - ALL
                  seccompProfile:
                    type: RuntimeDefault
            securityContext:
              runAsNonRoot: true

yyvess avatar Jul 02 '24 06:07 yyvess
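The check below is an added example; it is not code from the issue thread or from the postgres-operator project. It mirrors what the policy above injects (assuming Kyverno's strategic merge sets the same fields on every entry under `containers`) and then audits a pod for the fields a restricted Pod Security profile expects. The audit also covers `initContainers`, which the policy's `containers` anchor does not patch, and flags a container that pins `runAsUser: 0`, since pod-level `runAsNonRoot: true` makes the kubelet refuse to start such a container. The pod manifest and image names are constructed sample data, not a real cluster dump.

```python
"""Audit a Spilo pod for the hardened securityContext the Kyverno policy injects."""
import copy
import json
from typing import Any, Dict, List

# Constructed sample (not a real cluster dump): a Spilo pod roughly as the
# operator renders it, with no securityContext on the pod or its containers.
# Image references are placeholders.
UNPATCHED_POD: Dict[str, Any] = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "acid-minimal-cluster-0",
               "labels": {"application": "spilo", "cluster-name": "acid-minimal-cluster"}},
  "spec": {
    "initContainers": [{"name": "init-perms", "image": "registry.example/busybox:1"}],
    "containers": [
      {"name": "postgres", "image": "registry.example/spilo:16"},
      {"name": "exporter", "image": "registry.example/postgres-exporter:1"}
    ]
  }
}
""")

# The container-level fields the ClusterPolicy's patchStrategicMerge sets.
POLICY_CONTAINER_CTX: Dict[str, Any] = {
    "allowPrivilegeEscalation": False,
    "capabilities": {"drop": ["ALL"]},
    "seccompProfile": {"type": "RuntimeDefault"},
}


def apply_policy(pod: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of `pod` mutated the way the posted policy would mutate it.

    Assumption: the `(name): "*"` anchor applies to every entry in
    spec.containers only; initContainers are left untouched, exactly as written.
    """
    patched = copy.deepcopy(pod)
    for container in patched["spec"].get("containers", []):
        ctx = container.setdefault("securityContext", {})
        ctx.update(copy.deepcopy(POLICY_CONTAINER_CTX))  # strategic merge: overwrite keys
    patched["spec"].setdefault("securityContext", {})["runAsNonRoot"] = True
    return patched


def audit(pod: Dict[str, Any]) -> List[str]:
    """List every deviation from the hardened settings; empty list means compliant."""
    findings: List[str] = []
    pod_ctx = pod["spec"].get("securityContext", {})
    if pod_ctx.get("runAsNonRoot") is not True:
        findings.append("pod: runAsNonRoot is not true")

    for kind in ("initContainers", "containers"):
        for container in pod["spec"].get(kind, []):
            tag = f"{kind}/{container['name']}"
            ctx = container.get("securityContext", {})
            if ctx.get("allowPrivilegeEscalation") is not False:
                findings.append(f"{tag}: allowPrivilegeEscalation is not false")
            if "ALL" not in (ctx.get("capabilities", {}).get("drop") or []):
                findings.append(f"{tag}: capabilities.drop does not include ALL")
            # A container-level seccompProfile overrides the pod-level one.
            seccomp = ctx.get("seccompProfile") or pod_ctx.get("seccompProfile") or {}
            if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
                findings.append(f"{tag}: seccompProfile is not RuntimeDefault/Localhost")
            if ctx.get("privileged") is True:
                findings.append(f"{tag}: privileged is true")
            # runAsNonRoot at pod level plus runAsUser 0 here: kubelet refuses to start it.
            if ctx.get("runAsUser") == 0:
                findings.append(f"{tag}: runAsUser 0 conflicts with runAsNonRoot")
    return findings


if __name__ == "__main__":
    for label, pod in (("before", UNPATCHED_POD), ("after", apply_policy(UNPATCHED_POD))):
        print(f"--- {label} policy ---")
        for finding in audit(pod) or ["compliant"]:
            print(finding)
```

Run it against a live pod with `kubectl get pod <spilo-pod> -o json` piped into `audit(json.load(sys.stdin))`; anything left in the output after the policy is in place is a gap the mutation does not close, which for the policy as posted is every initContainer.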

Whilst the patch works, it's not fixing the issue. Is it being added? For clusters with higher-security PSPs, these settings are a must.

kevsterd avatar May 01 '25 08:05 kevsterd

+1

qwerty1q2w avatar Aug 25 '25 06:08 qwerty1q2w